Geogram Information Security Policy

The management of Geograma SL and Geograma GIS SL, hereinafter jointly referred to as “Gegrama”, recognize the need to ensure the confidentiality, integrity and availability of information in all the organization’s business activities. This need underscores the importance of being prepared to prevent, detect, respond and recover from any security incident. To achieve this, it is essential to have adequate resources to implement the necessary security measures to maintain an acceptable level of risk, together with continuous monitoring of business continuity.

It is the responsibility of the entire organization, and in particular the security manager and management, to protect information by preventing unauthorized interruptions or modifications and ensuring that it is not accessible by unauthorized persons. In this sense, it is essential that Geograma’s network and information systems infrastructure has the necessary capacity to effectively counteract any incident that may compromise the access, availability, authenticity, confidentiality, traceability and preservation of data and services in the digital sphere. Computer security must be integrated into each stage of the life cycle of businesses and information systems, from their design to their deactivation, including the development or acquisition and operation phases. To comply with established information security standards, an updated Risk Analysis will be maintained, along with the security measures implemented to mitigate said risks. These measures are mandatory.

Area of application
These information security regulations cover all security measures applicable to Geograma’s equipment, services, systems and other IT resources that support its processes and affect the different information assets. This includes both resources physically located in offices and those used in remote work modalities.

Basic security principles
The fundamental security principles that will guide the protection of information are:
o Design of a preventive strategy to minimize security risks
o Creation of defense and continuity plans for essential services
o Protection of employees both at work and on professional trips
o Protection and confidentiality of information, information and communication systems, and establishment of controls to prevent their improper use
o Classification and protection of confidential information and business secrets
o Surveillance and defense in case of attacks on the brand and reputation
o Respect for the protection of personal data and privacy
o Application of efficient security measures for the development of activities
o Promotion of a safety culture through training and dissemination
o Extension of security principles to suppliers
o Collaboration with public authorities in security and non-interference in their functions
o Acting in accordance with current legislation and Geograma values